Detection and Recovery Against Deep Neural Network Fault Injection Attacks Based on Contrastive Learning
Chenan Wang, Pu Zhao, Siyue Wang, Xue Lin
TL;DR
This work tackles the vulnerability of DNN inference to fault injection attacks (FIAs) by introducing CFDR, a self-resilient framework that leverages contrastive learning (CL) to detect FIAs and recover model performance. By training with SimCLR, CFDR uses a label-free contrastive loss as a real-time detector during inference and triggers a two-phase recovery when anomalies are detected. The contributions include the first CL-based approach for FIA detection and recovery, a highly sensitive detector operable on a single unlabeled batch, and a fast recovery method effective with limited data. Validated on CIFAR-10 with ResNet-18 under PBS, FSA, and GDA attacks, CFDR demonstrates meaningful detection and substantial recovery under various data availability scenarios, highlighting its potential for robust, edge-device DNN deployment.
Abstract
Deep Neural Network (DNN) models, when implemented on executing devices as inference engines, are susceptible to Fault Injection Attacks (FIAs) that manipulate model parameters to disrupt inference execution, with disastrous effects on performance. This work introduces Contrastive Learning (CL) of visual representations, i.e., a self-supervised learning approach, into the deep learning training and inference pipeline to implement DNN inference engines with self-resilience under FIAs. Our proposed CL-based FIA Detection and Recovery (CFDR) framework features (i) real-time detection with only a single batch of testing data and (ii) fast recovery effective even with only a small amount of unlabeled testing data. Evaluated with the CIFAR-10 dataset on multiple types of FIAs, our CFDR shows promising detection and recovery effectiveness.
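The detection idea above, a label-free contrastive loss checked on a single unlabeled batch, can be sketched as follows. This is an added example, not code from the paper: the toy linear encoder, the noise augmentation, the threshold rule (`calibrate`) and the fault value in `inject_fault` are all assumptions chosen so the sketch runs offline.

```python
import math
import random

# Constructed data: identity "encoder" weights and a batch of 4 unlabeled samples.
CLEAN_W = [[1.0 if r == c else 0.0 for c in range(4)] for r in range(4)]
BATCH = [[1.2 if d == i else 0.2 for d in range(4)] for i in range(4)]

def encode(weights, x):
    """Toy linear encoder + L2 normalisation (stand-in for the deployed DNN)."""
    z = [sum(w * xi for w, xi in zip(row, x)) for row in weights]
    norm = math.sqrt(sum(v * v for v in z)) or 1.0
    return [v / norm for v in z]

def nt_xent(view_a, view_b, tau=0.5):
    """SimCLR's NT-Xent loss over paired embeddings; uses no labels."""
    z, n = view_a + view_b, len(view_a)
    def sim(i, k):
        return math.exp(sum(p * q for p, q in zip(z[i], z[k])) / tau)
    total = 0.0
    for i in range(2 * n):
        denom = sum(sim(i, k) for k in range(2 * n) if k != i)
        total -= math.log(sim(i, (i + n) % (2 * n)) / denom)
    return total / (2 * n)

def batch_loss(weights, batch, seed=0):
    """Contrastive loss of one batch, two noisy views per sample (toy augmentation)."""
    rng = random.Random(seed)
    def view():
        return [encode(weights, [xi + rng.gauss(0.0, 0.02) for xi in x]) for x in batch]
    return nt_xent(view(), view())

def calibrate(weights, batch, margin=1.5):
    """Assumed threshold rule: a margin over the loss of the known-good model."""
    return margin * batch_loss(weights, batch, seed=1)

def inject_fault(weights):
    """Constructed parameter fault: one weight overwritten with a huge value."""
    faulty = [row[:] for row in weights]
    faulty[0][0] = 1e6
    return faulty

def is_faulty(weights, batch, threshold):
    """Detector: flag the model when the batch's contrastive loss exceeds the threshold."""
    return batch_loss(weights, batch) > threshold

if __name__ == "__main__":
    thr = calibrate(CLEAN_W, BATCH)
    print(is_faulty(CLEAN_W, BATCH, thr), is_faulty(inject_fault(CLEAN_W), BATCH, thr))
```

In this toy setting the corrupted weight collapses every embedding onto one direction, so positives and negatives become indistinguishable and the loss rises to about ln 7 for the 8 views in the batch.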
